Incorrect arguments on the API call `getOpenSubsonicExtensions`

[paulijar]

When airsonic-refix calls the server API endpoint getOpenSubsonicExtensions, it passes both token and salt and password. This seems to happen here:

airsonic-refix/src/auth/service.ts

Line 75 in 71b65e3

this.serverInfo = await fetchServerInfo(server, username, { hash, salt, password })

Some servers may accept this but IMHO this is incorrect use of the API. Similar calls are not made by airsonix-refix for any other endpoints. When the connected server is Nextcloud Music, such call is responded with 41: "Token-based authentication not supported". Consequently, airsonic-refix shows incorrect server info in its About box for the server. Also code 43: "Multiple conflicting authentication mechanisms provided" would be possible response for such a call.

Note also that the OpenSubsonic specification https://opensubsonic.netlify.app/docs/endpoints/getopensubsonicextensions/ mandates that the endpoint getOpenSubsonicExtensions must be publicly callable. Hence, you could just omit all the authentication arguments from this call.

[tamland]

Unfortunately not all servers follow the 'publicly accessible' part, like gonic. @sentriz could you have a look at this?

[paulijar]

It's natural if old server versions don't allow the public access, since this wasn't demanded by the specification all the way from the beginning of OpenSubsonic. But if new server versions still don't allow it, then they are in direct violation of the specification and it would be good to report them a bug. This has been required by OS for about 1.5 years now, so it isn't exactly a new thing, either.

Anyway, even if all the servers are fixed, you may still want to have the compatibility also for the old versions and then you can't assume the correct behavior.